Microsoft has issued a security patch which reportedly fixes a
critical vulnerability in several versions of Internet Explorer. The
vulnerability was recently exploited by the Troj/Qhosts-1 Trojan
horse.
Microsoft categorised the vulnerability as "critical" and urged
customers to "apply the patch immediately". According to Microsoft,
the following versions of Internet Explorer are affected: Internet
Explorer 5.01, Internet Explorer 5.5, Internet Explorer 6.0, and
Internet Explorer 6.0 for Windows Server 2003.
More information about the vulnerability and how to apply the
patch can be found on Microsoft's website at www.microsoft.com/technet/security/bulletin/MS03-040.asp.
"Unlike worms like Blaster and Slammer, where patches were
available before the virus existed, a Trojan horse which exploited
this vulnerability was spotted before Microsoft had a fix," said
Graham Cluley, senior technology consultant for Sophos. "With more
vulnerabilities coming to light all the time, companies may have to
rethink whether full internet access for all employees is such a
good idea."
Microsoft has published step-by-step instructions for home users on how
to help protect their computers with critical updates in
future.
Sophos recommends that every IT manager responsible for security
consider subscribing to vulnerability mailing lists such as
the one operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.